Wednesday, June 2, 2010

What I learned from being HACKED!

(This is my full story. For the important bullets, you can scroll down to the bottom ;)

About a week ago, while I was actually in the middle of a large order for the shop, my husband phoned me from work. I know you’re busy, he said, but I thought you might want to know that I just received an email from “you,” saying you are in London and need money. I think your email has been hacked!

I immediately got online to check the situation. Panic set in as I realized that not only could I not log into my email, but I couldn’t retrieve my password through any of the security protocols either. Later, I would learn that the hacker had changed the password, the security question, the profile DOB and location, and the alternative email. I was locked out of my own inbox.

My mind was spinning. What do I do? Who do I go to? What kind of personal information does this stranger now have access to? I felt helpless. My heart started racing as thought of all 350 emails that I had been meaning to sort through for the last few months. Letters from old friends, photos from the family - now possibly lost forever. Almost worse yet - what kind of financial information did I leave in there? Order confirmations that might have had my account numbers or even usernames and passwords to online retailers that might have my credit cards saved. Oh, I felt sick to my stomach. This could be very bad…

The first thing I did was go to every online retailer I could remember ever going to. For me this was relatively easy, because I don’t shop online a whole lot. Basically, it was places like Target, Amazon, Old Navy and Joanns. I logged in to each account, changed the login info. This sounds easy, but it was actually a lot of work. Especially when I got to places like Ebay. I haven’t shopped there in years and couldn’t remember my password, and I didn’t want them to email me a reset link, because I couldn’t access my inbox! Luckily at Ebay they have a live help chat now and a very nice real-live man named Mark was able to assist me through IM. This step (changing my online profiles) probably took me about 2-3 hours, but I did it so that if any of my login info was in my inbox and if the hacker happened to go through looking for that kind of stuff, none of them would work because I would have changed them all.

At this point, I felt like maybe my financial info was somewhat covered. Now to try to get my email back.

After racing through a Google search for help, I was able to locate the Account Recovery form for hotmail. I was saved! All I had to do was fill out this survey, which cleverly asked me several questions about myself, and my inbox (to help them verify that it was mine), and they would reply to me right away with my password reset link. Right?

WRONG. To my surprise, finishing the survey merely opened up a forum - a private one between me and Microsoft Help. Theoretically, I guess they are just supposed to somehow notice that this obscure forum exists before they even try to resolve the issue? I was hoping for something a little more direct. But I decided to have faith. I waited for a day. Nothing. I left another comment in the forum with more details I remembered about my inbox. Nothing. I left another comment, basically saying how anxious I was to resolve the issue. Nothing. The whole experience was not unlike being told, “Oh, you need help? We can help you. Tell us about yourself. Now sit in this room alone while we ignore you.”

Getting frustrated I did more research and found a man who had gone through a similar situation, except that he was able to contact MS customer service directly! Ooo da laly! This email address is surprisingly hard to find in forums or searches, but, if you ever need it, here it is. I was able to use this email to pester them until they finally resolved the issue. Five days after being hacked, I finally got a password reset link and was able to recover my inbox. HURRAY!!

So what did I learn from this experience? How can you learn from my mistakes? Here are some of my suggestions on how to keep your inbox more secure. Be advised: I am not an expert on the subject, these are merely some pointers from my personal experience.

To help prevent hacks:
A password with more than one word - A lot of people know that you should pick a good password with numbers or a hard-to-guess phrase. I had shortened mine to one word because it was fast and easier to type. This was a mistake (and probably how he eventually got me). Did you know that hackers have devised programs that run your password field through the dictionary? Their computers can be trying the same email for days or weeks at a time, running one word after another until they hack in! Never use any one word that can be found in the dictionary as your password.

You get what you pay for - If your email is associated with your business, or is constantly receiving sensitive emails that you wouldn’t want others to see, you might want to switch to the email provided with your ISP over a free host like hotmail or gmail. If anything ever does happen, you’ll have much more support on your side, since they don’t want to lose your business. But places like hotmail have little motivation to help you.
Keep your anti-virus up to date - I was lucky my hacker wasn’t trying to infect my computer, he just wanted to get money from my friends. But some hackers have more villainous plans. Getting an anti-virus and keeping it up-to-date will help protect you.

Other well-known security practices:
Never stay signed in at a public place, like a library, or even your unattended desk at work.
Never sign in with the “remember me” box checked while in a public place.
Always make sure that the lock symbol is visible whenever you sign in. This ensures a secure internet connection. If you don’t see it, look for a link that might provide a secure line. On the hotmail homepage, a link saying “Sign in using enhanced security” may be just under the password field.

As a precaution:
Purge your inbox - Every month or so, go through your inbox and get rid of as many emails as you can. Save photos to your computer. Print precious emails from old friends or important papers so you’ll have a hard copy. Theoretically, you should be ready to leave your inbox behind without notice and not have to worry about what you left in there.

No important papers - I actually had a folder in my inbox labeled “Important papers” In retrospect, this was a mistake. It might be safer to print your important papers or save them to your hard drive and delete them from the inbox.

If all else fails, and you get hacked anyway:
Change your email password - I was unlucky enough to get a pretty aggressive hacker who locked me out. Most of the time, the hacker just wants your contact list to be able to con your friends and they usually don’t even bother to change the password, they just use the one you created. In this case, changing the password and security question right away is usually enough to solve the problem.

Change your profiles - if you did/might have sensitive information in your inbox at the time of the hack, go to those places and change your info. Maybe your user-id but definitely your passwords, so that the hacker can’t get in if he tries.

Make some phone calls - If you’re concerned that your identity is in danger of being stolen, don’t hesitate to call! The bank, credit cards, utilities, anything with online bill pay - just explain the situation and ask them for advice on what you should do.

If you have hotmail, and your password was changed, like mine was, you might want to fill out the Account Recovery form to get help. Then email MS customer service right away, let them know you were hacked, that you have a reset in progress and keep bugging them until they resolve the issue. Be a squeaky wheel!

Hopefully, none of you will ever need this information, but I wanted to try to offer it all in one place in case anyone does.

Do you have any other suggestions or hints? Please share them in a comment below!


  1. Oh gosh! Thanks for the post. I've been having computer problems lately, so your post is really a good post. And not just for me, for everyone. Sometimes we get too busy and just don't have time to do the smallest of things that could prevent BIG problems. Thanks again!

  2. UPDATE:
    On hotmail, you can now sign in with a "single-use code" instead of your password. It's good for signing in at public places or other people's houses - anywhere you wouldn't want your password to be accidentally stored. Haven't tried it yet, but looks interesting...


Related Posts Plugin for WordPress, Blogger...